Lucene search

[email protected]CVE-2015-4206

HistoryDec 15, 2015 - 5:59 a.m.

CVE-2015-4206

2015-12-1505:59:00

CWE-79

[email protected]

web.nvd.nist.gov

cisco

ucm

xss bypass

cve-2015-4206

bug id cscuu15266

nvd

6.2 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

50.2%

JSON

Cisco Unified Communications Manager (UCM) 8.0 through 8.6 allows remote attackers to bypass an XSS protection mechanism via a crafted parameter, aka Bug ID CSCuu15266.

CPENameOperatorVersion
cisco:unified_communications_managercisco unified communications managereq8.0\(2c\)
cisco:unified_communications_managercisco unified communications managereq8.5.1
cisco:unified_communications_managercisco unified communications managereq8.0_base
cisco:unified_communications_managercisco unified communications managereq8.6.2
cisco:unified_communications_managercisco unified communications managereq8.5_base
cisco:unified_communications_managercisco unified communications managereq8.0\(3\)
cisco:unified_communications_managercisco unified communications managereq8.6_base
cisco:unified_communications_managercisco unified communications managereq8.6.1

CPE	Name	Operator	Version
cisco:unified_communications_manager	cisco unified communications manager	eq	8.0\(2c\)
cisco:unified_communications_manager	cisco unified communications manager	eq	8.5.1
cisco:unified_communications_manager	cisco unified communications manager	eq	8.0_base
cisco:unified_communications_manager	cisco unified communications manager	eq	8.6.2
cisco:unified_communications_manager	cisco unified communications manager	eq	8.5_base
cisco:unified_communications_manager	cisco unified communications manager	eq	8.0\(3\)
cisco:unified_communications_manager	cisco unified communications manager	eq	8.6_base
cisco:unified_communications_manager	cisco unified communications manager	eq	8.6.1

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151214-ucm

www.securityfocus.com/bid/79196

www.securitytracker.com/id/1034430

6.2 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

50.2%

JSON

Related for CVE-2015-4206

prion1 cvelist1 cisco1